[qubes-users] Re: Help me test fixes for Intel IGD graphical artifacts on Qubes R4.0

2021-01-15 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jan 16, 2021 at 01:49:25AM +, Jinoh Kang wrote: > On 1/15/21 8:06 PM, Marek Marczykowski-Górecki wrote: > > On Fri, Jan 15, 2021 at 05:29:43PM +, Jinoh Kang wrote: > >> Is qubes-xorg-x11-drv-intel an option? Upstre

[qubes-users] Re: Help me test fixes for Intel IGD graphical artifacts on Qubes R4.0

2021-01-15 Thread Marek Marczykowski-Górecki
apshot. We do backport this package from newer Fedora already: https://github.com/QubesOS/qubes-linux-dom0-updates But I would prefer to get it upstream anyway (and then possibly build xorg-x11-drv-intel from newer git snapshot). - -- Best Regards, Marek Marczykowski-Górecki Invisible Thin

[qubes-users] Re: Help me test fixes for Intel IGD graphical artifacts on Qubes R4.0

2021-01-13 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jan 13, 2021 at 01:21:51PM +, Jinoh Kang wrote: > On 1/11/21 11:03 PM, Marek Marczykowski-Górecki wrote: > > So, I can confirm the (fixed) 5.10 patch also improves the situation. > > Sounds good. Thanks for testing!

[qubes-users] Re: Help me test fixes for Intel IGD graphical artifacts on Qubes R4.0

2021-01-11 Thread Marek Marczykowski-Górecki
llow-up patches and give some feedback here. So, I can confirm the (fixed) 5.10 patch also improves the situation. Have you sent it upstream? I do consider including it in our standard kernel package, but I'd like to see i915 driver maintainer opinion first. - -- Best Regards, Marek Marczykows

[qubes-users] Re: [PATCH v5.10] drm/i915/userptr: detect un-GUP-able pages early

2021-01-10 Thread Marek Marczykowski-Górecki
const char *type, > diff --git a/drivers/gpu/drm/i915/i915_params.h > b/drivers/gpu/drm/i915/i915_params.h > index 330c03e2b4f7..1169a610a73c 100644 > --- a/drivers/gpu/drm/i915/i915_params.h > +++ b/drivers/gpu/drm/i915/i915_params.h > @@ -79,6 +79,7 @@ struct drm_printer; >

Re: [qubes-users] Re: Please help test kernel 5.4 in anticipation of Qubes 4.0.4-rc2

2020-11-28 Thread Marek Marczykowski-Górecki
ers run fine). > > The VMs which failed were running PV mode, switching to PVH fixed them. This seems to be: https://github.com/QubesOS/qubes-issues/issues/6052 So, it is related to the Linux kernel version, not really Xen version. - -- Best Regards, Marek Marczykowski-Górecki Invisible T

Re: [qubes-users] Re: Please help test kernel 5.4 in anticipation of Qubes 4.0.4-rc2

2020-11-28 Thread Marek Marczykowski-Górecki
ng/ > > > Hi, > > I tried to install, but I think it doesn't install because I already > installed kernel-latest (I need it for my ethernet card): > > [xxx@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing > kernel Try adding `--action=update`

[qubes-users] QSB #61 Information leak via power sidechannel (XSA-351)

2020-11-11 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear Qubes Community, We have just published Qubes Security Bulletin (QSB) #61: Information leak via power sidechannel (XSA-351). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the

[qubes-users] QubesOS and 3mdeb "minisummit" 2020 - starting online today!

2020-05-20 Thread Marek Marczykowski-Górecki
ive stream are here: https://twitter.com/3mdeb_com/status/1263068441319223296 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP

Re: [qubes-users] Re: Fedora 30 approaching EOL, Fedora 31 TemplateVM available, Fedora 32 TemplateVM in testing

2020-05-03 Thread Marek Marczykowski-Górecki
ally see issues linked there) Sadly, Python 3.8 in there breaks few things (including updates via salt), so it may not be ready before Fedora 30 EOL. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q

Re: [qubes-users] AppVM won't start any application

2020-04-26 Thread Marek Marczykowski-Górecki
anything inside the VM, if this would be the cause, you wouldn't get any output from the vm. Check modification time on the log, if it's really about latest try. Can you start the debian-10 template itself? Or it fails the same way? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things L

Re: [EXT] Re: [qubes-users] Qubes Updater doesn't update

2020-03-27 Thread Marek Marczykowski-Górecki
On Sat, Mar 28, 2020 at 12:57:55AM +0100, Ulrich Windl wrote: > On 2020-03-21 20:39, Marek Marczykowski-Górecki wrote: > ... > > Sounds like https://github.com/QubesOS/qubes-issues/issues/5705 > > The fix is already in current-testing repository, and will be uploaded > >

Re: [qubes-users] Qubes Updater doesn't update

2020-03-21 Thread Marek Marczykowski-Górecki
l be uploaded to current (aka stable) in few days. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRm

Re: [qubes-users] Re: [4.0] Intel Wi-Fi 6 AX200 adapter

2020-03-19 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Mar 20, 2020 at 01:05:02AM +0100, Vít Šesták wrote: > Hello, > > On March 20, 2020 12:33:31 AM GMT+01:00, "Marek Marczykowski-Górecki" > wrote: > >I didn't spot VT-d errors, but I'm not e

Re: [qubes-users] Re: [4.0] Intel Wi-Fi 6 AX200 adapter

2020-03-19 Thread Marek Marczykowski-Górecki
attaching ethernet PCI device. Is it a Realtek card? I don't remember exactly what helped, but something helped here. Paweł, can you help? It was either attaching SD card reader (which is another function on the same PCI device) to the sys-net, or enabling no-strict-reset option (or maybe permis

Re: [qubes-users] Another Intel vulnerability

2020-03-12 Thread Marek Marczykowski-Górecki
bes, as relevant interfaces are not available from within a VM. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNAT

Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-14 Thread Marek Marczykowski-Górecki
he box without requiring an addon - meaning probably more people will use it. BTW we need to verify is this major breakage of Thunderbird addons won't break other Qubes features too - namely opening attachments in DisposableVM, which is also done using an addon. - -- Best Regards, Marek Marczykowski-Górec

Re: [qubes-users] Re: R4 system requirements; AMD compatibility?

2020-02-09 Thread Marek Marczykowski-Górecki
D-only, > apparently. Unclear to me if the other items 1.2.35 and higher, which is > for "x86" apply only to intel or to all x86 architecture. I may be missing it in this thread, but have anybody tried Qubes 4.1 builds (with Xen 4.13) on such system? Does it have the same issue?

Re: [qubes-users] Re: R4 system requirements; AMD compatibility?

2020-02-08 Thread Marek Marczykowski-Górecki
nly then find how to mitigate this issue. If specific flags would turn out to be not related to security features or otherwise having unwanted effects, then ignoring those changes would be an option. But ignoring _only those flags verified to be safe to ignore_, not all of them. - -- Best Regards, Marek

Re: [qubes-users] Re: Qubes OS 4.0.2 has been released!

2020-01-09 Thread Marek Marczykowski-Górecki
e using it. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl4X0IEACgkQ24/THMrX 1yzgDgf8CAQZyZ

[qubes-users] QSB #56: Insufficient anti-spoofing firewall rules

2019-12-25 Thread Marek Marczykowski-Górecki
org/doc/firewall/#enabling-networking-between-two-qubes [2] https://nvd.nist.gov/vuln/detail/CVE-2019-14899 - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normall

[qubes-users] QSB #55: Issues with PV type change and handling IOMMU on AMD (XSA-310, XSA-311)

2019-12-11 Thread Marek Marczykowski-Górecki
/advisory-310.html [2] https://xenbits.xen.org/xsa/advisory-311.html - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting

Re: [qubes-users] 2 new Intel vulnerabilites

2019-11-15 Thread Marek Marczykowski-Górecki
s/4855 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl3PEHUACgkQ24/THMrX 1yy5rAf

[qubes-users] QSB #52: Xen issues affecting PCI passthrough and PV domains (XSA-299, XSA-302)

2019-10-31 Thread Marek Marczykowski-Górecki
y-299.html [2] https://xenbits.xen.org/xsa/advisory-302.html - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: W

Re: [qubes-users] Safe to switch default-mgmt-dvm TemplateVM from Fedora 29 to Fedora 30?

2019-10-16 Thread Marek Marczykowski-Górecki
ora 29). > > Should I just switch or rather not touch it? Yes, it's ok to and even desirable to switch. It should be based on stock template without less trusted repositories and software installed. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes u

[qubes-users] QSB #51: Insufficient validation of backup compression filter on restore

2019-09-10 Thread Marek Marczykowski-Górecki
qubes-os.org/doc/backup-restore/ [4] https://www.qubes-os.org/doc/backup-emergency-restore-v4/ [5] https://www.qubes-os.org/doc/backup-emergency-restore-v3/ [6] https://www.qubes-os.org/doc/backup-emergency-restore-v2/ - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` - -- Best

Re: [qubes-users] Moving Qubes+VMs to Larger SSD - How to Handle Storage Pools on Other Disks?

2019-09-08 Thread Marek Marczykowski-Górecki
antime, you can try some naive methods of slowing down the extraction process, for example by attaching strace to it (`strace -p $(pidof qfile-dom0-unpacker)`), or pausing it from time to time by sending SIGSTOP signal (and then SIGCONT to unpause). You can do it in a loop like this:

[qubes-users] Re: [qubes-devel] qvm-create-windows-qube Automatically creates

2019-08-20 Thread Marek Marczykowski-Górecki
ook into it. I haven't looked into details nor tried it yet, but on the first sight looks really cool! - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad t

Re: [qubes-users] Re: Sorry, we cannot find your kernels...

2019-06-30 Thread Marek Marczykowski-Górecki
ectory. Should be good now. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl0Ym/sACgkQ24

Re: [qubes-users] qubes update servers down?

2019-06-28 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jun 29, 2019 at 12:45:51AM +0200, Marek Marczykowski-Górecki wrote: > On Fri, Jun 28, 2019 at 09:43:19PM +, mossy wrote: > > Hi, > > > > Updating my qubes templates (debian-9, fedora-29/-30, whonix-14) have >

Re: [qubes-users] qubes update servers down?

2019-06-28 Thread Marek Marczykowski-Górecki
t; > There's also this bug report: > https://github.com/QubesOS/qubes-issues/issues/5130 > > Any updates? Indeed there is some problem. Working on it, should be back in few minutes (hopefully). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messe

Re: [qubes-users] qubes-dom0-update keep showing the same already downloaded packages.

2019-06-16 Thread Marek Marczykowski-Górecki
packages in most cases... But also shouldn't download old package when newer is already there, unless you've explicitly requested it to do so. But you don't have newer kernel (like 4.19.x), running `dnf update` or `qubes-dom0-update` after doing reinstall for other packages should help. - -- Best

Re: [qubes-devel] Re: [qubes-users] Fedora 28 has reached EOL

2019-05-30 Thread Marek Marczykowski-Górecki
e behaves like 'apt autoremove'. And qubes-vm-recommended depends on thunderbird-qubes, which depends on thunderbird. So when you remove thunderbird, qubes-vm-recommended needs to be removed too. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order

Re: [qubes-users] kernel panic with new 4.19.43-1.pvops.qubes.x86_64 kernel

2019-05-21 Thread Marek Marczykowski-Górecki
is to move EFI/qubes/* into EFI/BOOT/ after each update. The path is included in relevant packages, so you can't just configure it different. But you can move bigger files (xen.efi, vmlinuz, initramfs) instead of copying to save some space. - -- Best Regards, Marek Marczykowski-Górecki Invisible Th

Re: [qubes-users] kernel panic with new 4.19.43-1.pvops.qubes.x86_64 kernel

2019-05-20 Thread Marek Marczykowski-Górecki
hich, badly enough, insists on /EFI/BOOT. So > could files in efi/EFI/qubes be sym'linked ?? This unfortunately won't fly. EFI System Partition (ESP) is accessed directly by UEFI and needs to be FAT32, which does not support symlinks. - -- Best Regards, Marek Marczykowski-Górecki Invisible T

Re: [qubes-users] kernel panic with new 4.19.43-1.pvops.qubes.x86_64 kernel

2019-05-19 Thread Marek Marczykowski-Górecki
mfs-KERNEL_VERSION.img - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlziEF

[qubes-users] QSB #49: Microarchitectural Data Sampling speculative side channel (XSA-297)

2019-05-15 Thread Marek Marczykowski-Górecki
e new Xen binaries. Credits See the original Xen Security Advisory. References === [1] https://xenbits.xen.org/xsa/advisory-297.html - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Be

Re: [qubes-users] Update checking over clearnet instead of Tor?

2019-04-02 Thread Marek Marczykowski-Górecki
own network connection and report if there are any updates available. When you actually download and install those updates (over Tor) in the template is up to you, it isn't immediately after checking if something is available, so time based correlation isn't really an issue here. - -- Best Regards,

Re: [qubes-users] [4.0] Kernel panic in HVM

2019-03-17 Thread Marek Marczykowski-Górecki
em is that I cannot read it. Is there any way to read it, e.g., by > disabling the automatic reboot somehow? Try pointing kernel at hvc0 console (console=hvc0 kernel arg), then you should get it in /var/log/xen/console/guest-VMNAME.log. - -- Best Regards, Marek Marczykowski-Górecki Invis

Re: [qubes-users] vchan doesn’t work on recent mainline kernels

2019-03-14 Thread Marek Marczykowski-Górecki
R4.1 (gui-agent-linux master branch). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlyK+

Re: [qubes-users] Can't set default_target to @dispvm:foo in policy

2019-03-08 Thread Marek Marczykowski-Górecki
expected is the dom0 prompt would have "Disposable VM (dvm-print)" > entry pre selected. > > Seems like a bug? Indeed. Could you report it at https://github.com/QubesOS/qubes-issues/issues ? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because

Re: [qubes-users] where/how does dom0 gets its icons? ANSWERED

2019-03-03 Thread Marek Marczykowski-Górecki
sed in dom0 (meaning: one of the same name) get used? Or should the > theme preferred by that template's user account get used? Not > sure what the most natural answer is. But I'm satisfied for now. I think the logical thing to do, would be to use template's preferred theme. If desirable, ther

Re: [qubes-users] [warn] last whonix-gw update, ipv6 and possible VPN leak!

2019-02-23 Thread Marek Marczykowski-Górecki
comes with relevant firewall rules. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxx5

Re: [qubes-users] disposible vms for sys-net, firewall, usb?

2019-02-23 Thread Marek Marczykowski-Górecki
VM template for it. This have one important advantage - will work universally regardless of configuration/tools you use, including custom VPN scripts etc. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normall

[qubes-users] QSB #47: Insecure default DisposableVM networking configuration

2019-02-19 Thread Marek Marczykowski-Górecki
[2] https://www.qubes-os.org/doc/data-leaks/ [3] https://www.qubes-os.org/doc/glossary/#dvm-template [4] https://www.whonix.org/wiki/Qubes/Install [5] https://github.com/QubesOS/qubes-issues/issues/1121 - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` - -- Best Regards, Marek Marczy

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-02-14 Thread Marek Marczykowski-Górecki
> Regards, > Vít Šesták 'v6ak' > > [1] https://www.qubes-os.org/news/2019/01/09/qubes-401/ > [2] https://www.debian.org/security/2019/dsa-4371 > [3] https://www.qubes-os.org/downloads/ > - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

2019-02-13 Thread Marek Marczykowski-Górecki
firewall. There is clear message what to do if you want to cut the qube from the network. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGI

Re: [qubes-users] Re: sudo qubes-dom0-update downloads packages but abruptly ends with a "The downloaded packages were..."

2019-02-10 Thread Marek Marczykowski-Górecki
te to the same version it already have installed. Looks to be this issue: https://github.com/QubesOS/qubes-issues/issues/4792 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a ba

Re: [qubes-users] qubes-templates-itl-testing: certificate expired. Drop https or update cert?

2019-02-10 Thread Marek Marczykowski-Górecki
or you? Regardless of the above, I've notified mirror operator. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpu

[qubes-users] Re: [qubes-devel] Template disappeared: qubes-template-fedora-29-minimial

2019-02-01 Thread Marek Marczykowski-Górecki
l), you can forcibly remove the package with: sudo rpm -e --noscripts qubes-template-fedora-29-minimial See also https://www.qubes-os.org/doc/reinstall-template/ - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normal

Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

2019-01-25 Thread Marek Marczykowski-Górecki
updated the whonix-gw-14 and whonix-ws-14 as well. I am planning to use > the pre-update AppVMs as a backup and transfer necessary data to the newly > created post-update AppVMs. Than delete them. > In this case, I can just rename the anon-whonix AppVM and the new anon-whonix > will be cre

Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

2019-01-25 Thread Marek Marczykowski-Górecki
henge its name to prevent data loss? No, if anon-whonix already exists, it will not be recreated. But note anon-whonix is based on whonix-ws-14 template, which is also affected. You should update it to unaffected version using one of the methods described in the QSB. - -- Best Regards, Marek Mar

Re: [qubes-users] Qubes 4.0.x - Linux kernel 4.19.15 package available in testing repository

2019-01-25 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jan 25, 2019 at 01:58:59PM +0100, Patrik Hagara wrote: > On 1/24/19 5:18 PM, Patrik Hagara wrote: > > On 1/20/19 1:57 AM, Marek Marczykowski-Górecki wrote: > >> Hi all, > >> > >> There is updated "ker

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-01-24 Thread Marek Marczykowski-Górecki
> Would that somehow force cache busting for some reason? No. But it would be easier - no need to think in which repository given template is. In this particular case, it should be fine as given template is only in one of those repositories. > > Also, using the 'upgrade' action is a lot le

Re: [qubes-users] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jan 24, 2019 at 01:10:42AM +, js...@bitmessage.ch wrote: > Marek Marczykowski-Górecki: > > Summary > > > > > > The Debian Security Team has announced a security vulnerability > > (DSA-4371-1)

[qubes-users] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Marek Marczykowski-Górecki
s://www.debian.org/security/2019/dsa-4371 - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BE

[qubes-users] Qubes 4.0.x - Linux kernel 4.19.15 package available in testing repository

2019-01-19 Thread Marek Marczykowski-Górecki
esOS/qubes-issues/issues - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxDx4YACgkQ24/THMrX

Re: [qubes-users] last qubes-dom0-update brings kernel 4.19 and crashs login

2019-01-19 Thread Marek Marczykowski-Górecki
specially if you see any error message at the end. > I did sudo dnf downgrade kernel and it didin't work. > I had to change grub to fix. You should be able to choose older version in grub menu. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the

Re: [qubes-users] fedora-29-minimal sys-net/firewall problem

2019-01-13 Thread Marek Marczykowski-Górecki
proute. Similar problem happened to Debian template[1] and it was fixed there, but apparently Fedora is also affected. I'll add relevant dependency. [1] https://github.com/QubesOS/qubes-issues/issues/4411 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the o

Re: [qubes-users] "Qubes Update" icon (Sun Looking icon on top right)

2019-01-13 Thread Marek Marczykowski-Górecki
the whonix-gw and -ws error I got... You need to install python-concurrent.futures package there. Open terminal in whonix-gw (and -ws) and execute: sudo apt install python-concurrent.futures - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order

Re: [qubes-users] Smart cards, split GPG, and timing attacks

2019-01-13 Thread Marek Marczykowski-Górecki
parate per-repository key, called deployment key. But you can't re-use the same key for multiple repositories, so if you have a project with 5 repositories, you need 5 keys... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people no

Re: [qubes-users] Smart cards, split GPG, and timing attacks

2019-01-11 Thread Marek Marczykowski-Górecki
ne depends on a lot of software without reliable integrity verification method (or, say, a lot of NodeJS package ;) ), then such environment would be significantly easier to compromise, and so the key used there (even if not leaked, then used from there to sign/decrypt anything). - -- Best Regards, Mar

Re: [qubes-users] Salt orchestration

2019-01-11 Thread Marek Marczykowski-Górecki
g-agent is that, client can request gpg-agent to export secret keys. Which defeat the whole purpose of keeping secret keys in separate qube - that client have no access to its secret part. You may want to look at https://github.com/hw42/qubes-app-linux-split-gpg2/ I think this problem does not ap

Re: [qubes-devel] Re: [qubes-users] qubes dom0 update breaks template updating

2019-01-11 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jan 11, 2019 at 11:23:00AM +, qtpie wrote: > > > Marek Marczykowski-Górecki: > > On Wed, Jan 09, 2019 at 10:19:00PM +, qtpie wrote: > >> The latest dom0 update broke updating my templates. I altered &g

Re: [qubes-users] "Qubes Update" icon (Sun Looking icon on top right)

2019-01-10 Thread Marek Marczykowski-Górecki
issue for new templates, but for older installs, you need to install python-concurrent.futures manually there. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-pos

Re: [qubes-users] qubes dom0 update breaks template updating

2019-01-09 Thread Marek Marczykowski-Górecki
om0-virtual-machines/commit/ca27a33b0ec59f5ea2d4b334973eaa837f11ffc4 > > I'm not saying this is a bug, I can understand that an update is not > compatible with certain customisations and it is the users responsiblity > to fix this. > > In any case - enjoying Qubes everyday! - -- Best Regards, Ma

Re: [qubes-users] mooltipass hardware password manager

2019-01-09 Thread Marek Marczykowski-Górecki
tool) also may be helpful. evtest in dom0 may also give some hints. > Jan 10 00:21:07 sys-usb systemd-logind[436]: Watching system buttons on > /dev/input/event6 (SE Mooltipass) (...) > Testing ... (interrupt to exit) > *** > This dev

Re: [qubes-users] Installing snaps in appvms?

2019-01-09 Thread Marek Marczykowski-Górecki
at means nothing > else can download packages or data. > > In the short term, you can try enabling networking temporarily for the > template while you install snap packages. Just set the netvm in the > template's settings. > > In the long term, Qubes users may benefit from a s

Re: [qubes-users] Re: Qubes OS 4.0.1 has been released!

2019-01-09 Thread Marek Marczykowski-Górecki
ot;4.0.1-rc2". [1] https://github.com/QubesOS/qubes-issues/issues/4667 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAA

[qubes-users] Qubes OS 4.0.1 has been released!

2019-01-08 Thread Marek Marczykowski-Górecki
/debian/upgrade-8-to-9/ [Whonix 14]: https://www.whonix.org/wiki/Upgrading_Whonix_13_to_Whonix_14 This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2019/01/09/qubes-401/ - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up

[qubes-users] Qubes Canary #18

2019-01-08 Thread Marek Marczykowski-Górecki
ailable on the Qubes website: https://www.qubes-os.org/news/2019/01/08/canary-18/ - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBA

Re: [qubes-users] Re: fed29 templates/upgrade

2019-01-04 Thread Marek Marczykowski-Górecki
gt; > > See: > > https://github.com/QubesOS/qubes-issues/issues/4223 > > and > > https://github.com/QubesOS/qubes-doc/pull/739 > > > > > Seems like this happened with 28 release as well > > > - -- Best Regards, Marek Marczyk

Re: [qubes-users] Re: 4.0.1-RC2 Boot loop after install

2018-12-27 Thread Marek Marczykowski-Górecki
; Within that "thin pool", a logical volume, "root" has been created that uses > all the disk space currently assigned. Yes, that's right. - From what I've seen in this thread, you did it right, but the system you used didn't support thin volumes. You can try Qubes insta

Re: [qubes-users] Qubes extensions usage / installation

2018-10-19 Thread Marek Marczykowski-Górecki
fter installing the extension. > Why is my extension not being loaded? Am I missing something here? How can I > debug extensions and make sure they are being loaded? Is there a log > somewhere? > > Is Qubes OS going to call my `on_vm_start()` function whenever a VM is >

Re: [qubes-users] dispVM shuts down immediately after starting (I'm trying to run xterm)

2018-10-15 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Oct 15, 2018 at 11:19:54PM +, floasretch wrote: > ‐‐‐ Original Message ‐‐‐ > On Monday, October 15, 2018 4:52 PM, Marek Marczykowski-Górecki > wrote: > > > > Same result with qubes.StartApp+debian-xterm &g

Re: [qubes-users] dispVM shuts down immediately after starting (I'm trying to run xterm)

2018-10-15 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Oct 15, 2018 at 10:41:45PM +, floasretch wrote: > ‐‐‐ Original Message ‐‐‐ > On Monday, October 15, 2018 3:34 PM, Marek Marczykowski-Górecki > wrote: > > > [user@dom0 ~]$ qvm-run --verbose --autostart --di

Re: [qubes-users] dispVM shuts down immediately after starting (I'm trying to run xterm)

2018-10-15 Thread Marek Marczykowski-Górecki
going wrong? The +xterm part should be a base name of .desktop file in /usr/share/applications (or other directory per XDG standard). xterm on Debian happens to have debian-xterm.desktop, so it should be qubes.StartApp+debian-xterm. - -- Best Regards, Marek Marczykowski-Górecki Invisible Thin

Re: [qubes-users] Installing qr-exec on HVM

2018-10-12 Thread Marek Marczykowski-Górecki
orarily unavailable > on X server ":0" > lfs qubes-gui[660]: after 37 requests (36 known processed) with 0 events > remaining) > > X works (startx shows me a desktop and consoles), but nothing yet from > getting Qubes GUI agent and qrexec. qubes-gui-agent starts its own X s

Re: [qubes-users] Default keyring

2018-10-12 Thread Marek Marczykowski-Górecki
ith - --password-store=basic. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/T

[qubes-users] Keyboard backlight color based on active qube

2018-10-11 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I've published the first post on my blog: https://blog.marmarek.net/blog/2018/10/11/keyboard-backlight-color-qubes.html Have fun! - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which

Re: [qubes-users] Re: debian-9 template

2018-10-10 Thread Marek Marczykowski-Górecki
ed on it). Actually, you may need to apply workaround temporarily to be able to install updates... [1] https://www.qubes-os.org/doc/software-update-vm/#debian - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which peop

Re: [qubes-users] Re: Forbidding VM create/delete/edit network settings from within dom0 for enterprise use-case

2018-09-18 Thread Marek Marczykowski-Górecki
instead add a proxy which checks qrexec policy even if action is performed from dom0. That is not unthinkable, but definitely require some work, and still it is a workaround. But Qubes 4.1 is still in development and I think will not be ready this year, maybe Q1 2019, depending on progress. GUI d

Re: [qubes-users] Re: qubes-u2f not installing on templates

2018-09-18 Thread Marek Marczykowski-Górecki
-testing install \ > qubes-u2f > > > There should be something similar for debian's apt-get All u2f-related packages area already in stable repository (since yesterday), so the above is not needed anymore. - -- Best Regards, Marek Marczykowski-Górecki Invis

Re: [qubes-users] Re: QSB #43: L1 Terminal Fault speculative side channel (XSA-273)

2018-09-03 Thread Marek Marczykowski-Górecki
tionally disable it in BIOS. Xen's smt=off option means it won't be used even if BIOS reports its availability. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting

Re: [qubes-users] fedora warning

2018-05-26 Thread Marek Marczykowski-Górecki
or. If all mirrors fails then package installation will fail. Example message for such case: https://github.com/QubesOS/qubes-issues/issues/2945#issuecomment-318877445 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text.

Re: [qubes-users] No boot after dom0 security repo update on may 15

2018-05-22 Thread Marek Marczykowski-Górecki
fi-troubleshooting/#installation-finished-but-qubes-boot-option-is-missing-and-xencfg-is-empty - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIG

Re: [qubes-users] Restore backup in different storage pool

2018-05-19 Thread Marek Marczykowski-Górecki
tore and then move it? There is no direct option for that, but you can temporarily change default pool (see qubes-prefs tool). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thi

Re: [qubes-users] U2F on Gmail not working (using Chrome on Personal AppVM)

2018-05-19 Thread Marek Marczykowski-Górecki
In Fedora (template) you need to install u2f-hidraw-policy package, it will setup udev rules to fix device permissions. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thin

Re: [qubes-users] Default 'revisions_to_keep'

2018-05-19 Thread Marek Marczykowski-Górecki
RC and then upgraded to > current-testing. Probably, there was a bug about saving revisions_to_keep. Anyway, default value is 1. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is

Re: [qubes-users] Any way to attach a USB drive to a VM by label?

2018-05-18 Thread Marek Marczykowski-Górecki
ppreciated! Thanks... It isn't available yet, related issue: https://github.com/QubesOS/qubes-issues/issues/3437 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad th

Re: [qubes-users] Testing repository: update policy

2018-05-06 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, May 06, 2018 at 03:54:10PM -0500, Andrew David Wong wrote: > On 2018-05-06 13:20, Marek Marczykowski-Górecki wrote: > > On Sun, May 06, 2018 at 12:25:32PM -0500, Andrew David Wong wrote: > >> On 2018-05-06 08:51, Vasil

Re: [qubes-users] Testing repository: update policy

2018-05-06 Thread Marek Marczykowski-Górecki
the > issue open as a reminder to do this? Usually every few weeks I review what packages have changes warranting new version (I have a script for that). Last few weeks (and probably some more) were busy because fc27/fc28. If you find some change that waiting unusually long for release, ping

Re: [qubes-users] Qube Manager dbus event handling

2018-05-03 Thread Marek Marczykowski-Górecki
p.py#L195-L199 [6] https://github.com/QubesOS/qubes-linux-gbulb - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAE

Re: [qubes-users] "How can I properly manage my system?" or "how do I use Admin API, salt and git or other versioning/distribution mechanisms together"

2018-04-21 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Apr 20, 2018 at 11:40:36PM +0200, viq wrote: > On 18-04-20 23:21:10, Marek Marczykowski-Górecki wrote: > > On Fri, Apr 20, 2018 at 10:51:38PM +0200, viq wrote: > > > On 18-04-20 13:51:50, Marek Marczykowski-Górecki wrote: &

Re: [qubes-users] "How can I properly manage my system?" or "how do I use Admin API, salt and git or other versioning/distribution mechanisms together"

2018-04-20 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Apr 20, 2018 at 10:51:38PM +0200, viq wrote: > On 18-04-20 13:51:50, Marek Marczykowski-Górecki wrote: > Hm, salt has SPM[6], which I need to read a bit more about. On one > hand, it's a native salt tool, so possibly it could wo

Re: [qubes-users] "How can I properly manage my system?" or "how do I use Admin API, salt and git or other versioning/distribution mechanisms together"

2018-04-20 Thread Marek Marczykowski-Górecki
017/06/27/qubes-admin-api/ [2] https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm/ [3] https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/ [4] https://github.com/QubesOS/qubes-infrastructure/ [5] https://github.com/QubesOS/qubes-mgmt-salt - -- Best Regards, Marek Marczykowski-Górec

Re: [qubes-users] Re: Qubes R4.0 broken by "TypeError: not enough arguments..." for most qvm-* commands

2018-04-12 Thread Marek Marczykowski-Górecki
-firewall and sys-usb on a R4.0 system > - how to recover a qube whose -snap volumes are no longer available (I have > no problem losing these short-term data) > > Thanks for pointing to the right direction! > - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A

Re: [qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo

2018-04-01 Thread Marek Marczykowski-Górecki
g. Have you tried final 4.0 image? There were some fixes that didn't managed to get included in rc5. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN

Re: [qubes-users] installation failure hen trying to instal from usb to samsung sad on lenovo 220

2018-03-30 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Mar 30, 2018 at 01:50:07AM +0200, Marek Marczykowski-Górecki wrote: > On Thu, Mar 29, 2018 at 11:56:12AM -0700, kai.fr...@gmail.com wrote: > > greetings, > > > > i copied the current iso (tried it.both with rc5

ReactOS cooperation? (was: Re: [qubes-users] Disk problems when installing ReactOS 0.4.5 on HVM)

2018-03-30 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Mar 19, 2018 at 11:37:10AM +0100, Marek Marczykowski-Górecki wrote: > On Mon, Mar 19, 2018 at 11:21:39AM +0100, Giulio wrote: > > > > > I've tried that already and it doesn't help (you exchange disk not found > > &g

  1   2   3   4   5   6   7   8   >